Version:next-20240405 (linux-next) Released:2024-04-05

The Document Foundation: Following a successful pilot project, the northern German federal state of Schleswig-Holstein has decided to move from Microsoft Windows and Microsoft Office to Linux and LibreOffice (and other free and open source software) on the 30,000 PCs used in the local government. As reported on the homepage of the Minister-President: "Independent, sustainable, secure: Schleswig-Holstein will be a digital pioneer region and the first German state to introduce a digitally sovereign IT workplace in its state administration. With a cabinet decision to introduce the open-source software LibreOffice as the standard office solution across the board, the government has given the go-ahead for the first step towards complete digital sovereignty in the state, with further steps to follow."

Read more of this story at Slashdot.

Version:6.8.4 (stable) Released:2024-04-04 Source:linux-6.8.4.tar.xz PGP Signature:linux-6.8.4.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.8.4

Version:6.6.25 (longterm) Released:2024-04-04 Source:linux-6.6.25.tar.xz PGP Signature:linux-6.6.25.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.25

Version:next-20240404 (linux-next) Released:2024-04-04

Version:6.8.3 (stable) Released:2024-04-03 Source:linux-6.8.3.tar.xz PGP Signature:linux-6.8.3.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.8.3

Version:6.6.24 (longterm) Released:2024-04-03 Source:linux-6.6.24.tar.xz PGP Signature:linux-6.6.24.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.24

Version:6.1.84 (longterm) Released:2024-04-03 Source:linux-6.1.84.tar.xz PGP Signature:linux-6.1.84.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.84

Version:6.7.12 (stable) Released:2024-04-03 Source:linux-6.7.12.tar.xz PGP Signature:linux-6.7.12.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.7.12

Version:next-20240403 (linux-next) Released:2024-04-03

Bill Toulas reports via BleepingComputer: Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution. The backdoor was introduced by a pseudonymous contributor to XZ version 5.6.0, which remained present in 5.6.1. However, only a few Linux distributions and versions following a "bleeding edge" upgrading approach were impacted, with most using an earlier, safe library version. Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading the XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity. Binarly says the approach taken so far in the threat mitigation efforts relies on simple checks such as byte string matching, file hash blocklisting, and YARA rules, which could lead to false positives. This approach can trigger significant alert fatigue and doesn't help detect similar backdoors on other projects. To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor. [...] Binarly's scanner increases detection as it scans for various supply chain points beyond just the XZ Utils project, and the results are of much higher confidence. Binarly has made a free API available to accomodate bulk scans, too.

Read more of this story at Slashdot.

Version:next-20240402 (linux-next) Released:2024-04-02